12/13/2011

Cisco recently announced it will discontinue its popular Cisco VPN client. Cisco is moving customers to its Cisco AnyConnect client or to native support as it helps other vendors integrate support directly into their products. With OS X Lion, you can connect to your corporate network without requiring any changes on the part of the corporate infrastructure. This means that existing automations and management will function correctly for IT staff and have the advantage of not requiring IT to roll out new software.

08/17/2011

Malware is on the rise in 2011, as are high-profile attacks against government entities and corporations, according to the Mid-Year Security Threat Report published recently by IT security and data protection company Sophos. The report focuses first on malware, which saw a huge increase in 2011. Since the start of this year, the team at SophosLabs has seen 150,000 different samples of malware each day, a 60 percent increase from the malware analyzed in 2010. To give a little perspective, this year’s numbers represent a unique file nearly every half second, according to the report.

So what exactly defines malware? Malware, or “malicious software,” can show itself in several forms, including viruses, worms and Trojans. Viruses are self-replicating malicious computer programs that are spread from computer to computer via removable media like disks and USB drives, or by infecting a file stored on a computer that is part of a network. A virus makes copies of itself, but in order to spread, it needs the ability to execute code and save to memory. Because of this, most viruses attach themselves to programs. When the user launches the program, the virus is launched at the same time.

There are two types of viruses: resident and non-resident. Resident viruses load their replication modules onto the infected system’s memory, where they can then execute themselves each time a certain action is performed by the operating system, thus spreading to multiple programs on the computer. A non-resident virus goes one step further in that it contains a finder module as well as a replication module. The finder module will seek out new files to infect and then call on the replication module to infect them.

A worm differs from a virus in that it does not need to attach itself to a program to work. A worm takes advantage of a weakness in a computer to infiltrate the system, where it then creates copies of itself and sends them to all computers on the network. Unlike a virus, a worm can replicate and spread without any action by the user. Where a virus infects or changes certain files on a target computer, a worm can damage computers across a network, even if only by consuming bandwidth and slowing the network down. Worms are often used to create zombie computers for use in spamming botnets. A popular example of this is the infamous Waledac botnet, which infected as many as 90,000 computers worldwide before it was brought down by Microsoft last year.

Another kind of malware is the Trojan, which, as its name implies, is a malicious program disguised as one that is seemingly useful. This program infects the target computer in order to steal sensitive information or harm the system. Trojans differ from worms and viruses in that they do not replicate themselves. Trojans can give hackers remote access to a system or use infected computers as part of botnet schemes used for spamming or distributed denial-of-service (DDoS) attacks. They can also be used to log keystrokes on a machine or crash the infected computer.

A popular form of Trojan, and one that Sophos reports is still a persistent threat in 2011, is the Trojan that presents itself as an anti-virus application. In this scam, users are tricked by a fake anti-virus pop-up window warning them that their computer is infected. They are then convinced to purchase a rogue application to rid their computer of the virus. The program not only fails to protect the computer, but most likely installs some form of malware onto the system. This wreaks more havoc for the victim, who has just sent their money straight into the scammer’s pocket. According to the Sophos report, the FBI estimates that nearly one million people were duped into buying fake anti-virus software from one particular cybergang, netting the criminals over $72 million.

An example of a persistent Trojan that continues to evolve and target new devices is the Zeus banking Trojan. Recently, researchers discovered a variant of the Zeus malware called “Zitmo,” which can run on Android phones as well as Symbian, Windows Mobile and BlackBerry devices. The malware intercepts the one-time passcodes sent to these devices as a second authentication factor, giving the attacker access to private information such as bank accounts. The increase in consumers who use their smartphones and tablets for sensitive personal and business transactions makes these devices desirable targets for hackers.

According to the Sophos report, Google’s Android platform is proving particularly difficult to secure, and has been a popular target for hackers in the first part of 2011. In June, Google removed several Android applications from the market because they contained data-swiping Plankton malware. Tablets running the Android operating system are also at risk for similar attacks. With more consumer technology making its way into the professional workplace, IT managers have new concerns on their hands as they try to keep their organizations secure.

While much attention has been paid this year to large-scale strikes on major targets, the Sophos report found that attacks against consumers continue to be a threat. Social networking scams, email scams and spear phishing campaigns are still popular, as is SEO poisoning. In SEO poisoning, the hacker takes advantage of popular keyword searches as a way to target the most victims, redirecting users to malicious sites where a variety of malware is downloaded onto their system. Often the malware is hosted on legitimate sites that have been infiltrated by hackers. To see a video demonstration of how this technique works, watch this Sophos video on YouTube.

Even Mac OS X, long believed to be the most secure operating system, is no longer safe in the current hacking landscape. The fake anti-virus malware Mac Defender and its many variants took users and Apple by surprise this spring. Apple was slow to respond to the influx of tech support calls, drawing much criticism. The company finally conceded that the malware was indeed a reality and offered steps to remove it.

Perhaps the harshest spotlight this year has fallen on the many high-profile targeted attacks against huge corporations, government entities and their partners. The hack of RSA’s SecurID two-factor authentication system led to subsequent assaults on defense contractors Lockheed Martin and L-3 Communications. The CIA was also a victim of hackers, as was the International Monetary Fund (IMF). Mega-corporation Sony is likely still reeling from the persistent attacks launched against it earlier this year.

These and other attacks have spurred legislation addressing cybersecurity concerns. The Department of Defense launched a new program in June that aims to help defense contractors protect themselves against cyber attacks. The program, called the Defense Industrial Base (DIB) Cyber Pilot, will share classified information about cyber threats with defense contractors, as well as help them determine how to defend their networks.

The Obama administration is trying to crack down on hacking and cyber attacks that affect government systems or cause a potential national security threat by proposing increased sentences for hackers. Hackers targeting government computers may face up to 20 years in prison for such attacks.

The new Cybersecurity and Internet Freedom Act of 2011 establishes the National Center for Cybersecurity and Communications (NCCC) at the Department of Homeland Security, which will work to protect federal networks as well as public and private sector networks from cyber threats. The Act spurred controversy early on due to a “kill switch” provision that would essentially allow the President to shut down portions of the Internet during a cyber attack. That provision has since been removed.

On the business front, a new data breach bill is in the works, currently being debated on and refined. The bill would require companies suffering a data breach to report the breach and begin notifying customers within 48 hours if the data compromised could lead to identity theft or other harm. The requirement would standardize the currently varying state laws regarding data breaches, which experts say is both good and bad for businesses.

Whether or not this increased attention to cybersecurity will help stave off serious attacks and create a more secure online environment remains to be seen, but clearly progress is being made. However, the first half of 2011 shows us that there is much work to be done. If you would like to read the full Sophos mid-year report, you can download it by visiting this link. You will need to provide some basic information first, including name and email address.

07/12/2011

What is a hacker? For some, the term inspires a vision of a bespectacled youth in a basement bedroom, surrounded by monitors, gadgets and empty soda cans. For others, the impression is darker: a shadowy figure that exists on the edge of society, poised to strike at any moment and wreak havoc on the innocent, stealing identities and bleeding bank accounts of millions of dollars.

And of course there’s the Hollywood version depicted in popular movies like 1995’s Hackers. In it, Angelina Jolie and Jonny Lee Miller head up a gang of gifted teens whose attempts at one-upping each other’s abilities land them in hot water with the Secret Service.

The film glamorizes the hacking subculture, summed up in a line by the character called “The Plague”: “Governments and corporations need people like you and me. We are Samurai...the Keyboard Cowboys...and all those other people who have no idea what's going on are the cattle...Mooo.”

Real life “keyboard cowboys” have garnered much media attention recently, to the dismay of the security experts at Panda Labs. In its April – June 2011 Quarterly Report, Panda chastises the media for spending so much time covering the antics of these groups, specifically the “hacktivist” group Anonymous and its offshoot Lulz Security (“LulzSec”), a short-lived collaborative of hackers claiming the mission “to have fun by causing mayhem.”

The authors make their disdain for these two groups abundantly clear, calling their actions “deplorable” and attributing at least a portion of what Panda refers to as “a disastrous quarter” in cyber security to their hacking activities.

Dubbing itself a group of “hacktivists,” Anonymous claims to be acting in the interest of the masses to protest various injustices. Its members launch attacks against the computer systems of companies or government entities with which they disagree, often as retaliation for anti-hacking views or policies. The group typically organizes distributed denial of service, or DDoS, attacks against these organizations’ networks and web sites.

In February, the group launched an attack on HBGary Federal, a security company that performs classified work for the U.S. government. The firm was investigating Anonymous, and claimed to have uncovered the names of some of its members. In retaliation, Anonymous breached the HBGary network and stole around 60,000 internal emails, which they later released to the public.

Recently the group defaced Turkish government web sites in protest of new internet filtering rules to be implemented next month. The Turkish government responded by arresting 32 suspected members of Anonymous. The arrests came just days after Spanish law enforcement officials arrested three alleged leaders of the group.

Seemingly undeterred, on Monday Anonymous released a database stolen from government consulting contractor Booz Allen Hamilton. The database contained the passwords and email addresses of around 90,000 U.S. military personnel. The Booz Allen attack is the latest in a string of hacks targeting private sector firms that work with what Anonymous deems a corrupt U.S. government.

The focus of LulzSec’s attacks was far less purposeful – just for “lulz,” which in hacker terms is “for laughs.” The group primarily targeted entities with lackluster security such as PBS as well as computers at the U.S. Senate, stealing and posting private information online. Though no critical information was lost in the Senate attack, the stunt could land the culprits in prison for five to 20 years if convicted under the Computer Fraud and Abuse Act.

LulzSec also took down gaming sites Eve Online, Escapist, Minecraft and League of Legends for a three-hour period, and then boasted about the attacks on their Twitter account. When accused of attacking only soft targets, the group carried out a DDoS attack on the CIA web site. After “50 days of mayhem” and the arrest and charging of a suspected key member, the group disbanded. Experts speculate, however, that LulzSec’s leaders were merely reabsorbed by Anonymous and their activities continue under that umbrella.

Hacking collaboratives like Anonymous and LulzSec proudly wag their accomplishments under the noses of the public via social media outlets like Twitter and message boards. Their high profile stunts draw followers and get plenty of media attention, and that has security experts like the folks at Panda Labs shaking their heads.

While the spotlight has shifted to these high-profile breaches, malware creation and distribution continues its staggering rise, according to the Panda report. There are 42 new malware strains created every minute, according to the report, with Trojans being the most popular attack tool for crooks to gain personal information. More than 68 percent of malware consists of Trojans, followed by traditional viruses at just over 16 percent.

The Panda report deems the past quarter “one of the most negative quarters ever judging from the number of cyber-attacks launched.” During this quarter, the first large-scale attack on the Mac OS appeared in the form of MacDefender, rogueware intended to trick users into purchasing fake anti-virus software.

Apple at first denied such an attack took place, despite the malware affecting thousands of users. A few days later, Apple conceded and released a patch, but within hours, new variations of the malware appeared and skated easily past the intended fix.

Two major breaches occurred during this quarter: the RSA breach and the attack on the Sony PlayStation Network (PSN).

In the first, security company RSA reported their systems had been breached and proprietary data relating to their hardware-based two-factor authentication system SecurID had been pilfered. The thieves used the stolen data to forge SecurID tokens, creating one-time passwords that granted them access to the networks of government defense contractors Lockheed Martin and L-3 Communications. RSA has begun replacing the SecurID authenticators of nearly 40 million customers worldwide.

The Sony PSN breach was likely the most infamous attack of the quarter according to the Panda report. Cyber crooks stole data affecting 77 million users of the popular gaming platform in what is to date the largest theft of data ever. On top of that, Sony officials chose not to disclose the breach until days later, and when they finally announced the intrusion, greatly downplayed the seriousness of the breach.

The stolen data included users’ names, billing addresses, usernames and unencrypted passwords, as well as birthdates, photos of the users and in about 10 percent of the cases, their credit card information. Days later, another 25 million Sony Online Entertainment customers were affected by a different attack.

Sony pointed fingers at Anonymous, but the group continues to deny responsibility, claiming “for once, it wasn’t us.”

While the spotlight that currently shines on the antics of groups like Anonymous and LulzSec frustrates experts, it is perhaps drawing important attention to the bigger security picture for business owners. Companies can hopefully learn from the mistakes of the large-scale hacking victims and take their own IT security needs seriously.

Whether or not you find yourself in the crosshairs of a hacking group, a tightly secured network is imperative to protect your company’s valuable data. Your Net Guard specializes in network security implementations and can help you determine the best solution for your company. Call Ron with your questions - he’ll be glad to help.

06/14/2011

The last few months have seen a string of high profile breaches targeting U.S. interests, and fingers are pointing at China as the culprit.

Last week, Google accused China of phishing the Gmail accounts of several U.S. government officials, Chinese political activists, military personnel, Asian officials and journalists. Google officials say they traced the attacks to the city of Jinan, China, which was also the source of a more widespread attack on Google in 2010.

The accusation prompted a swift and angry denial by the Chinese government, calling the implication that it was behind the attack “unacceptable” and a political ploy by the internet giant to further strain relations between China and the United States. U.S. officials say they are taking Google’s claims seriously and will investigate.

The Google incident is the latest in a rash of assaults suspected by security experts to have Chinese ties. In recent months, the highly-secured networks of three U.S. defense contractors have been breached.

The breaches stem from an attack that occurred back in March, when U.S. encryption and security company RSA was infiltrated and information about their SecurID two-factor authentication tokens was stolen.

In an open letter to customers, Executive Chairman Art Coviello wrote:

“Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is specifically related to RSA’s SecurID two-factor authentication products.”

A SecurID token acts like a key of sorts, generating a random-looking six-digit passcode that is only valid for sixty seconds. This passcode must be entered in addition to a user’s network password or PIN. The combination of the two factors, which RSA refers to as “something you know, and something you have,” makes it more difficult for unauthorized individuals to gain access to a network. Companies use the tokens to allow employees to access their networks while off-site. The tokens are also popular for use in financial transactions and within government organizations.

RSA is still not releasing exactly what information was stolen. In the initial letter to customers, Coviello stated “…we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.”

This confidence has since proven to be misguided. Following the RSA breach, a series of attacks against three U.S. defense contractors and possibly a related assault on the International Monetary Fund (IMF) were waged using data compromised in the RSA intrusion.

In late May, Lockheed Martin disabled employee remote access and replaced several SecurID tokens after detecting unauthorized access attempts. The infiltrators may have cloned the SecurID tokens of Lockheed users to gain access, though the company reports it was able to thwart an attack and no data was compromised.

Wired.com then reported that in April, defense contractor L-3 Communications had warned employees about attempts to access the secure network using cloned SecurID tokens. It was not made clear whether or not the attack was successful or how the company determined the SecurID token to be the source of the intrusion.

Not long after, Northrop Grumman was also reported to have abruptly shut down remote access to its network after possibly suffering a similar intrusion.

And just this week, the IMF admitted it was the victim of a large and sophisticated attack that took place earlier this year over the span of several months. It is still unclear if the attack was directly related to the RSA breach, however the method used implies that it could be.

According to sources, the IMF attacks were conducted via spear phishing, a tactic where specifically targeted employees are tricked via official-looking emails into providing their login credentials. Keyloggers or other information-harvesting malware is sometimes slipped onto the employee’s system as well. This tactic is also a necessary step in breaches like those at Lockheed and L-3, and is considered to be a sophisticated method of acquiring personal details.

Hackers need more than just the SecurID token by itself to get into a network. They must also have the accompanying login information and password that is used in conjunction with the token-generated passcode. The spear phishing emails mine this information from unsuspecting employees, and the hackers can then put the two factors together to breach the system.
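The two-factor check described in the preceding paragraphs, as an added example that is not part of the original post and not RSA’s code: the server verifies a password (something you know) and a six-digit one-time code from a token (something you have), and refuses the login unless both pass. RSA’s SecurID algorithm is proprietary, so the code generator here is the public RFC 6238 TOTP construction (HMAC-SHA1, six digits, 30-second steps) as a stand-in; the user name, password, salt and token seed are constructed for the example (the seed is the RFC 6238 test-vector secret).

```python
"""Server-side verification of both authentication factors.

Added example (not RSA's or the post author's code).  The token code
generator is RFC 6238 TOTP, used here in place of the proprietary SecurID
algorithm; the user record below is constructed for the example."""
import hashlib
import hmac
import struct

TOTP_STEP = 30      # seconds per code (the SecurID tokens described above use 60)
TOTP_DIGITS = 6


def totp(secret: bytes, unix_time: int, step: int = TOTP_STEP) -> str:
    """RFC 6238: HMAC-SHA1 over the time-step counter, dynamically truncated."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** TOTP_DIGITS).zfill(TOTP_DIGITS)


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash; the server stores this, never the plaintext password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user record (hypothetical user "alice").
USER_SALT = b"example-salt-16b"
USERS = {
    "alice": {
        "pw_hash": hash_password("correct horse battery", USER_SALT),
        "token_secret": b"12345678901234567890",   # RFC 6238 test-vector seed
    }
}


def verify_login(username: str, password: str, code: str, now: int, window: int = 1) -> bool:
    """Accept only when BOTH factors verify.

    The token code is accepted for the current time step and `window` steps
    either side, to tolerate token clock drift.  Both checks always run, so a
    caller cannot tell from timing which factor was the wrong one."""
    user = USERS.get(username)
    if user is None:
        return False
    pw_ok = hmac.compare_digest(user["pw_hash"], hash_password(password, USER_SALT))
    code_ok = False
    for delta in range(-window, window + 1):
        expected = totp(user["token_secret"], now + delta * TOTP_STEP)
        code_ok |= hmac.compare_digest(expected, code)
    return pw_ok and code_ok


if __name__ == "__main__":
    # At unix time 59 the RFC 6238 SHA-1 test vector yields 94287082 -> "287082".
    print(verify_login("alice", "correct horse battery", "287082", now=59))
```

The point the paragraph makes is visible in `verify_login`: knowing the token seed (as the RSA attackers may have) lets someone compute `totp(...)`, but the call still fails without the password, which is why the follow-on intrusions needed spear phishing to collect the first factor. Conversely, a phished password alone fails the `code_ok` check.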

The sophistication and professional nature of these APT assaults – the intruders had to plan carefully and wait weeks between targeted attacks – along with the fact that the attacks were waged on companies in possession of key U.S. defense technology, lead many experts to openly speculate that China is behind the intrusions.

Rich Mogull, chief executive of Securosis, told CNET: “APT is a euphemism for China. There is a massive espionage campaign being waged by a country. It’s been going on for years, and it’s going to continue.”

And he’s not alone in his opinion. Canadian information security expert Rafal Rohozinski notes that “China has made no secret that they see cyberspace as the domain that allows them to compete with the U.S.” Rohozinski’s research on targeted attacks on Tibet and others with apparent roots in China can be found in a 2009 “GhostNet” report.

If the attacks can indeed be traced back to China, it is unclear whether they were state supported or carried out by independent contractors who sold the information to the Chinese government.

Somewhat ironically, all of this activity comes during a time when the Pentagon is busy constructing a formal cyber strategy to deal with computer sabotage coming from another country. Under the new plan, such infiltration can be deemed an act of war, which could allow the U.S. to respond with traditional military force.

According to a Wall Street Journal article on the subject, details including what would be considered triggers for retaliation and how much force is appropriate for different types of cyber attacks are still being sorted out. Unclassified sections of the document are expected to be made public this month.

While these intrusions and the threat of international cyber espionage may sound too far-removed from your own business security needs, the basic principles of protecting your network are the same. Be sure you have a solution in place that meets the security needs of your company. Ron is a network and information security specialist and will be happy to answer your questions – call him today and keep your systems protected.

06/13/2011

Scanning, or more specifically network scanning, is the act of probing network addresses, or Internet Protocol (IP) addresses, to identify the hosts on the network and the services those hosts provide.

Scanning is often thought of as hacking--either hacking to stop a “bad” government (or other entity) from carrying out something bad, which is taken to legitimize the use of harmful hacking, or simply illegitimate hacking to carry out harmful activities.

However, the intent of the scanning and how aggressive the scan is determines how a scan is categorized. This book covers the legitimate uses of scanning, and specifically scanning with Nmap.

Legitimate uses of scanning include system administration, auditing, and education.

System Administration and Auditing

System administration and auditing are the major topics covered in this book. Although educational uses will not be covered, the system administration and auditing lessons can prove useful to computer science, information systems, and self-taught learners. The examples covered will be those carried out in enterprise networks.

Many companies have large networks that are either poorly documented or very dynamic and require the use of network scans to determine which services are running on which systems. Security audits are also often needed, and network scans can be the first step in the execution of a security audit.

Nmap, or Network Mapper, is a freely available, open source scanner. It was originally written by the security expert Gordon Lyon. Gordon is often better recognized by his pseudonym Fyodor Vaskovich. The project’s home page is at http://www.nmap.org/.

There are numerous types of activities that nmap can perform to help in system administration and auditing. Here are some real examples that I have carried out or helped others carry out. (The examples are real; however, the nmap output is based upon running scripts in a lab environment to simulate what I have performed for various customers over several years.)

Example 1 - PCI DSS Audit

Organizations that accept credit and debit cards must pass assessments carried out by auditors approved by the Payment Card Industry--an organization created by the card brands to regulate the industry by a single set of standards. The Payment Card Industry Data Security Standard (PCI DSS) must be met by such organizations. Under the PCI DSS, insecure protocols are not permitted. One such protocol that trips up many organizations on the PCI DSS assessment is version 2 of the Secure Sockets Layer (SSL) protocol. The questions are: do we use the protocol, and if so, on which systems? Nmap can quickly find all systems running version 2 of the protocol, as this abridged output from such a scan shows.

One of the issues with the File Transfer Protocol (FTP) is that all the traffic is sent in “plain view,” meaning that the user ID, password, and data can easily be intercepted. This issue was brought to light for one company that had its financial figures leaked to message boards before earnings calls. This meant that speculators could greatly influence the market before the official word reached the public.

The issue was the FTP server that was used to publish to board members. The issue was quickly fixed; however, the chief information officer (CIO) wanted all FTP servers disabled and HTTP over SSL used instead. The environment was huge, and interviewing the various IT departments was moving too slowly to identify the servers. An Nmap scan of the environment was able to identify the FTP servers in a matter of minutes. Here is what such a scan would look like:

In a university environment, the IT staff was given the job of shutting down all legacy web services that had been set up several years earlier, when departments were allowed to have their own web servers. Most of the servers were well known to some students, who were using them to share music and videos, but staff did not have an accurate picture of which networks they were located on. To further compound the problem, students found out that the university was clamping down on rogue services being run on university equipment and started configuring web services to run on other ports.

Here you can see that nmap has identified not only the standard web server port 80, but also the Apache web server running on ports 81 and 443.
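Each of the three examples above ends in the same chore: reading a large scan and pulling out the hosts that matter (SSLv2 speakers, FTP servers, web servers on unexpected ports). The following script is an added example, not from the book or the Nmap project, showing how an auditor can answer all three questions from Nmap’s XML output (the real `-oX` option; service names come from the real `-sV` version detection). The XML embedded in it is constructed for this example in the shape of an nmaprun report, not output from an actual scan; treating any NSE `<script>` element whose output mentions “SSLv2” as evidence of SSLv2 support is this example’s own assumption about how the script reports.

```python
"""Triage an Nmap XML (-oX) report for the three audit questions in the text:
which hosts still speak SSLv2, which run FTP, and which serve HTTP on ports
other than 80/443.  Added example; the report below is constructed, not real."""
import xml.etree.ElementTree as ET

# Constructed sample report, shaped like `nmap -sV --script sslv2 -oX scan.xml 10.0.0.0/28`.
SAMPLE_NMAP_XML = """
<nmaprun scanner="nmap" args="nmap -sV --script sslv2 -oX scan.xml 10.0.0.0/28">
  <host><status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/>
        <service name="ftp" product="vsftpd" version="2.0.8"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="https" product="Apache httpd"/>
        <script id="sslv2" output="server still supports SSLv2"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.0.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.2.3"/></port>
      <port protocol="tcp" portid="81"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.2.3"/></port>
      <port protocol="tcp" portid="8443"><state state="open"/>
        <service name="http" product="Apache httpd" tunnel="ssl"/></port>
    </ports>
  </host>
  <host><status state="down"/>
    <address addr="10.0.0.12" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

STANDARD_WEB_PORTS = {80, 443}


def open_ports(xml_text):
    """Yield (ip, port, service_name, script_outputs) for every open port on every host that was up."""
    root = ET.fromstring(xml_text)
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ip = addr.get("addr")
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            service = port.find("service")
            name = service.get("name", "") if service is not None else ""
            scripts = [s.get("output", "") for s in port.findall("script")]
            yield ip, int(port.get("portid")), name, scripts


def sslv2_hosts(xml_text):
    """Example 1 (PCI DSS): ports where an NSE script reported SSLv2 support."""
    return sorted({(ip, port) for ip, port, _, scripts in open_ports(xml_text)
                   if any("sslv2" in out.lower() for out in scripts)})


def ftp_hosts(xml_text):
    """Example 2: FTP services, on whatever port they were found."""
    return sorted({(ip, port) for ip, port, name, _ in open_ports(xml_text) if name == "ftp"})


def nonstandard_web(xml_text):
    """Example 3: HTTP/HTTPS services hiding on ports other than 80 and 443."""
    return sorted({(ip, port) for ip, port, name, _ in open_ports(xml_text)
                   if name in ("http", "https") and port not in STANDARD_WEB_PORTS})


if __name__ == "__main__":
    for label, query in (("SSLv2", sslv2_hosts), ("FTP", ftp_hosts), ("non-standard web", nonstandard_web)):
        print(f"{label}: {query(SAMPLE_NMAP_XML)}")
```

Because the web-server check keys on the detected service name rather than the port number, the student servers moved to port 81 or 8443 in the third example still show up; that is the reason to run with `-sV` rather than relying on the default port-to-service table.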

Those three examples give a good basis for understanding how well Nmap can be used for administration and auditing. Most of the rest of the book covers using Nmap for these types of purposes. The next two sections cover Nmap’s other uses: hacking and educational.

Educational

Nmap is used quite often for learning--both learning about how networks function, and learning about the impact of a particular vulnerability. For example, ping scans can be used to learn when they are effective and why they don’t always work. A vulnerability scan across large networks can tell a security researcher how widespread a new vulnerability has become.

Hacking

Using Nmap for hacking, even if well intended to “right a wrong,” can lead to both civil and criminal issues. Generally speaking, Nmap cannot be used to actually exploit networks and systems, so its use itself is not what leads to civil or criminal issues; rather, it is what is done with the results of the nmap scan, or whether nmap is run so aggressively that network or host outages are caused. I try not to distinguish between good hackers and bad hackers when discussing nmap, because oftentimes even “good” hacking can give rise to civil lawsuits. Any time the activity moves from knowing a system is vulnerable to taking advantage of the vulnerability, it becomes hacking.

Off to Scanning

Ron’s upcoming book on scanning with nmap will be released this summer. Please check back here for additional information.

05/09/2011

In the wake of recent large-scale breaches at companies like Epsilon and Sony, which compromised the personal data of millions of consumers, security concerns are at their peak. But are these concerns translating into action? Recent surveys indicate that while companies understand the security threats to their systems, many are not taking proper steps to protect themselves from attacks.

A survey conducted by the Courion Corporation polled about 1,250 IT decision makers from large companies around the globe. Most of the participants hail from corporations with more than 1,000 employees. The survey found that nearly one third of the respondents do not believe their companies have accurate assessments of the security risks facing them, including threats stemming from both internal and external sources. Essentially, the people responsible for securing their company’s systems are feeling insecure about their ability to do so.

Their feelings are not without merit, the survey reports, finding that more than 90% of respondents cite identification of user access as a primary method for assessing IT security risk, yet 60% claim to only review this access once a year or even more infrequently. Upon reviewing their company’s access rights, nearly half the respondents found excessive user rights existed in their systems. Obviously the more people who have access to a company’s sensitive data – especially those who do not need this access – the wider the door is left open for potential breaches.

“The results of this survey indicate that there is still widespread misunderstanding of the impact user access reviews have on enterprise IT risk,” said Kurt Johnson, Courion’s vice president of strategy and corporate development.

A similar misunderstanding seems to permeate infrastructure firms, which most will agree face an ever-increasing risk with the emergence of sophisticated malware like the Stuxnet worm.

Stuxnet targets Siemens Supervisory Control And Data Acquisition (SCADA) systems, which control and monitor industrial systems like those found in electric, water, gas and other key infrastructure sectors. The malware takes over the operation of specific equipment components and causes them to behave erratically, but reports back to system operators that everything is functioning normally. It is believed the worm caused real damage to the Natanz nuclear facility in Iran last year, proving its dangerous potential to hinder operations in similar plants.

A recent study conducted by McAfee and the Center for Strategic International Studies (CSIS) found that utility companies are aware of the increased risk, yet are not adopting security technologies intended to protect against such threats.

Over 200 leaders in the oil/gas, energy and water sectors around the world were surveyed in the study, which found that much critical infrastructure is not adequately protected against cyber attacks. Forty percent of these executives believe their industry has become more vulnerable to such attacks than it was a year earlier, and expect a major attack on their sector within the next year.

Almost 30 percent do not believe their company is prepared to respond to a cyber attack, and a staggering 80 percent have been the victim of large-scale denial of service attacks. In addition, 70 percent of the respondents report frequently finding malware on their systems that is designed to sabotage them, and 46 percent of respondents in the electricity sector report having found Stuxnet on their systems.

So what are these companies doing to increase their security measures? According to the study, not enough.

When comparing this year’s report findings to those from last year, experts see a concerning – and continuing – lack of attention to security. In her blog, McAfee Vice President and Chief Technology Officer for Global Public Sector Phyllis Schneck writes that “Perhaps one of the most frightening findings in the report is the fact that, although the security threat and awareness of the threat have increased exponentially, the energy sector increased its adoption of security technologies by only one percent.”

Oil and gas companies were slightly more progressive, increasing their adoption of security technologies by 3 percentage points, while the water and sewage sector took the lead, increasing its adoption by 8 percentage points.

Overall, despite clear evidence that they are at increasing risk of sabotage, key infrastructure organizations are slow to implement technologies that could protect them and prevent large-scale threats to public safety. Is budget to blame? In a struggling economy that is very likely. Spending on protection against a possible attack by an unseen adversary may not seem worth it, yet the recovery cost will surely be far higher should such an attack be carried out against an electric grid, for example. Perhaps companies find it hard to grasp the impact of such an attack until they are targeted directly.

Whatever the reasons, the survey results paint a rather grim picture of potentially vulnerable targets left unprepared to handle what seem to be inevitable attacks against them.

Another recent report lays out the need for basic security measures, while indicating that cyber crime trends may be shifting. The 2010 Verizon Data Breach Investigations Report, covering breaches from 2010, was released in April. This 4th edition of the report includes 800 new breaches investigated by Verizon and the US Secret Service last year, an all-time high since the first report was published three years ago; the first three years combined covered about 900 breaches.

But while the sheer number of breaches skyrocketed, the number of compromised records plummeted to just under 4 million. That number was 144 million in 2009, and in 2008 a frightening 341 million. Recording the highest number of breaches in the same year as the lowest number of records compromised looks like a fluke, but it may signal a shift in the way cyber criminals choose their targets: many smaller victims rather than a few very large ones.

Experts suggest that large-scale breaches like the one at Heartland Payment Systems may now be considered too risky by criminals, or that these huge breaches have flooded the black market with enough credit card numbers to drive their price down.

The Verizon report found that 92 percent of breaches stemmed from external sources, up 22 points from 2009. Fifty percent of the breaches involved some kind of hacking technique, up 10 points from the previous year. Malware also grew in popularity, up 11 points to a role in 49 percent of all breaches.

An interesting note is the increase in physical attacks like ATM skimming and Point of Sale (POS) equipment tampering. The share of breaches involving physical attacks doubled in 2009 and doubled again in 2010, reaching 29 percent of breaches.

Also interesting, and likely a bad sign, is the increased amount of customized malware discovered in the caseload studied. Nearly two-thirds of the malware investigated had been customized, indicating that the cost of customization is low and that it is more accessible to criminals. Combined with a growing "malware-as-a-service" market, this does not bode well: custom builds are also less likely to be caught by signature-based antivirus.

Payment card data is still the most commonly compromised type of data, according to the report, and most victims (83 percent) were targets of opportunity rather than chosen deliberately. Most attacks were not particularly difficult, and a whopping 96 percent of them could have been avoided with simple or intermediate controls.

These three reports indicate an evolving cyber crime landscape and a slow response on the part of many businesses to update their security practices. Are you concerned that your business is falling behind on security measures? Your Net Guard specializes in network security and can help you keep your systems protected. Call Ron with your concerns – he’ll be glad to help find a solution that meets your needs.

02/16/2011

With Google One Pass, publishers can customize how and when they charge for content while experimenting with different models to see what works best for them—offering subscriptions, metered access, "freemium" content or even single articles for sale from their websites or mobile apps. The service also lets publishers give existing print subscribers free (or discounted) access to digital content. We take care of the rest, including payments technology handled via Google Checkout.